How to create an empty java trust store?

java ssl truststore
George picture George · Jun 23, 2016 · Viewed 19.4k times · Source

I want to make a https client in java which initially does not have any CA certs to trust. Since I don't want the JVM to use the default cacerts file I should make an empty trust store and point it to the JVM.
How can I make an empty trust store?

Answer

Miguel Bautista picture Miguel Bautista · Feb 14, 2020

Using keytool, create a random key pair:

keytool -genkeypair -alias boguscert -storepass storePassword -keypass secretPassword -keystore emptyStore.keystore -dname "CN=Developer, OU=Department, O=Company, L=City, ST=State, C=CA"

then delete it

keytool -delete -alias boguscert -storepass storePassword -keystore emptyStore.keystore

review its contents:

$ keytool -list -keystore emptyStore.keystore -storepass storePassword
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 0 entries

Related questions

java - path to trustStore - set property doesn't work?

I've setup a self-signed certificate to test an ssl java connection - however, it is refusing to locate the java trustStore. I've saved copies of it in /Java/jre6/lib/security in addition to the folder where the classes are …

Read More
How can I use different certificates on specific connections?

A module I'm adding to our large Java application has to converse with another company's SSL-secured website. The problem is that the site uses a self-signed certificate. I have a copy of the certificate to verify that I'm not encountering …

Read More
Using a custom truststore in java as well as the default one

I'm writing an application in Java which connects to two web servers via HTTPS. One got a certificate trusted via the default chain of trust, the other uses a self signed certificate. Of course, connecting to the first server worked …

Read More